Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Welcome to the Official Site of PHP-Fusion
Sign In
Not a member yet? Click here to register.
1 Reply | Latest reply on 03-01-2017 04:08 by Falk
JoiNNN Posted 4 years ago 859 posts

https only where necessary

Right now we have the possibility to enable HTTPS for the whole site, this is nice but using encryption on each and every page might raise some issues, of which most important (I can think of right now) are mixed content and serving big files over https as the whole file must be encrypted that will be a waste of resources.

So we should have the option to set https only for:
- login page
- edit profile page
- private messages
- administration (all sub-pages)
- others...?

Go to roadmap item #1504

1 Replies

Sort replies by
FalkPosted 4 years ago 3915 posts
Resource considerations might have been an issue in the past, these days it is neglectable with SSL. ( we even have better performance now ).
The whole site will stay as secured as possible.
Most sections will be secured in the long run, we are in the middle of the transition, yet we have very few areas with mixed content now.
Some database paths are in need to be updated. Some external linking or inclusions with bbcode images will naturally add some mixed content but wont affect the site´s overall security.



More topics like this

You can view all discussion threads in this forum.
You can start a new discussion thread in this forum.
You cannot reply in this discussion thread.
You cannot start on a poll in this forum.
You cannot upload attachments in this forum.
You cannot download attachments in this forum.
Moderator: Development Team

https only where necessary
by JoiNNN Posted 4 years ago